Skip to main content

Samuel Thibault on GNU Hurd

Movies Preview

movies
Samuel Thibault on GNU Hurd




The Unix model usually strongly separates the "privileged" user from the non-privileged users. The former usually have all possible privileges, while the latter have very restricted privileges, limited to their own home directory, and at best sometimes allowance to mount removable media. One of the answers from userland has for instance been GVFS, which permits GNOME applications to transparently access not only what the system proposes, i.e. actually what the privileged user proposes, but also what userland-provided content, such as files from FTP, SMB, etc. Another interesting example is using SOCKS to access an intranet website. Some browsers natively support using a SOCKS proxy, and for those which don't, libsocks4 can be used to transparently make them do.

These approaches (embedding) are however limited and impede composition, since they mostly have to be explicited in the source code. What if a removable media is formated with a special filesystem? What if the intranet website can not be accessed through ssh, but only through a VPN? Why not being allowed to run a PPP tunnel over a serial port when one already has granted access to the serial port? These are usually not an issue on the desktop, where the unprivileged user is actually also the privileged user, and people have become used to tinkering something through sudo, FUSE, TAP, etc. but it's still tedious and potential security holes. On a freshly-installed system, can't one e.g. just run tar xf /ftp://ftp.gnu.org/pub/gnu/gcc/gcc-4.6.0/gcc-4.6.0.tar.bz2 to download and unpack a tarball in one go? Actually, on a GNU/Hurd system, one can.

Funnily enough, even if GNU is Not Unix, GNU/Hurd uses a very unixish approach to bring extensibility: files. By introducing the concept of translator, which is actually its real core, GNU/Hurd lets a user easily achieve a wide range of tasks which require particular privileges on usual Unix systems, examples include accessing the content of an iso image from a shell, chrooting, routing application network traffic through a VPN, IP translation…

This talk will present the notion of translator, and through some examples of translators which already work, show the range of power that it brings to "non-privileged" users (i.e. actually the #0 freedom) without breaking security, and how it compares with the Linux GVFS/FUSE/CUSE/etc. equivalents.

Further reading
============
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.37.9653&rep=rep1&type=pdf
http://people.debian.org/~mbanck/debian-hurd.pdf

Slides
=====
http://www.gnu.org/ghm/2011/paris/slides/samuel-thibault-hurd.pdf
http://wenku.baidu.com/view/ec06df03a6c30c2259019e1b.html


Run time 43 minutes 15 seconds
Producer Samuel Thibault
Audio/Visual sound, color

Credits

http://hurd.gnu.org/
http://www.debian.org/ports/hurd/

comment
Reviews

There are no reviews yet. Be the first one to write a review.
SIMILAR ITEMS (based on metadata)
eye
Title
Date Archived
Creator
Community Video
movies
eye 168
favorite 1
comment 1
favoritefavoritefavoritefavoritefavorite ( 1 reviews )
Community Video
by Elevate
movies
eye 252
favorite 1
comment 0
Community Video
by ISOC-NY
movies
eye 448
favorite 1
comment 0
Community Video
by /g/
movies
eye 5,574
favorite 1
comment 0
Community Video
movies
eye 105
favorite 1
comment 0
Community Video
by Linux.com
movies
eye 294
favorite 1
comment 0
Community Video
by Oslo Freedom Forum
movies
eye 159
favorite 1
comment 0
Community Video
movies
eye 98
favorite 1
comment 0
Community Video
movies
eye 255
favorite 1
comment 0